Resource configuration method and apparatus

ABSTRACT

This application discloses a resource configuration method and apparatus. The method includes: obtaining, by a terminal, a slice attribute corresponding to a slice type of a first session, where the slice attribute corresponding to the slice type includes at least one of a security requirement or a latency requirement of the slice type; and performing resource configuration for the first session based on the slice attribute. In this way, a security requirement and/or a latency requirement of network slices can be implemented on a terminal side.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of International Application No. PCT/CN2018/094544, filed on Jul. 4, 2018, which claims priority to Chinese Patent Application No. 201710660664.4, filed on Aug. 4, 2017. The disclosures of the aforementioned applications are hereby incorporated by reference in their entireties.

TECHNICAL FIELD

This application relates to the field of communications technologies, and in particular, to a resource configuration method and apparatus.

BACKGROUND

In the era of 5th generation mobile communications technologies (5G), hundreds of millions of internet of things devices access a network, and different types of application scenarios have different requirements on the network. Providing services for different types of application scenarios by using a single network causes an extremely complex network architecture, and low network management efficiency and resource utilization efficiency. In 5G network slicing technologies, network environments isolated from each other are provided for the different application scenarios in a manner of virtualizing an independent logical network on a same network infrastructure, so that network functions and characteristics can be customized for the different application scenarios based on respective requirements, and quality of service (QoS) requirements of different services can be effectively ensured.

A 5G system needs to support diversified commercial modes and meet requirements of different industries and different applications by using end-to-end network slices. Existing network slicing technology discussion is mainly limited to implementation on a core network side. How to ensure key performance indicators (KPI) such as security and latency requirements of network slices on a terminal side while the terminal side perceives the network slice is a problem that urgently needs to be resolved.

SUMMARY

Embodiments of this application provide a resource configuration method and apparatus, to implement a security requirement and/or a latency requirement of network slices on a terminal side.

Specific technical solutions provided in the embodiments of this application are as follows:

According to a first aspect, an embodiment of this application provides a resource configuration method. The method includes: obtaining, by a terminal, a slice attribute corresponding to a slice type of a first session, where the slice attribute corresponding to the slice type includes at least one of a security requirement or a latency requirement of the slice type; and performing, by the terminal, resource configuration for the first session based on the slice attribute. Therefore, by using the method provided in this embodiment of this application, the terminal implements, based on the slice attribute corresponding to the slice type, that is, at least one of the security requirement or the latency requirement, slice type-based resource isolation and/or priority resource scheduling, thereby providing differentiated security protection and resource configurations. Therefore, data security of an application on the terminal is ensured, and not only latency, reliability, and security requirements of the application can be met, but also terminal resources can be effectively used, to implement end-to-end SLA assurance.

In a possible embodiment, the obtaining, by a terminal, a slice attribute corresponding to a slice type of a first session includes: sending, by the terminal, a session establishment request message to a control plane network element, and receiving a session establishment accept message from the control plane network element, where the session establishment accept message carries the slice type of the first session; and obtaining, by the terminal based on a mapping relationship that is between each slice type and each slice attribute and that is locally stored in the terminal, the slice attribute corresponding to the slice type of the first session. In this embodiment, the terminal locally configures the security requirement and/or the latency requirement corresponding to each network slice type. After session establishment of the first session is completed, the terminal determines, based on the security requirement corresponding to the first session, whether to provide an isolated resource for the first session, thereby ensuring security of an end-to-end network slice, and determines, based on the latency requirement corresponding to the first session, whether high-priority resource scheduling needs to be provided for the first session, to ensure latency of the end-to-end network slice.

In a possible implementation, the obtaining, by a terminal, a slice attribute corresponding to a slice type of a first session includes: sending, by the terminal, a session establishment request message to a control plane network element, and receiving a session establishment accept message from the control plane network element, where the session establishment accept message carries the slice attribute corresponding to the slice type of the first session, and the slice attribute is the security requirement of the slice type. In this implementation, in a session establishment process of the first session, the terminal receives the security requirement that is of the first session and that is returned by the control plane network element, to trigger the terminal to perform resource isolation on a terminal side based on the security requirement, thereby ensuring security of an end-to-end network slice.

In a possible implementation, the performing, by the terminal, resource configuration for the first session based on the slice attribute includes: if the slice attribute includes the security requirement of the slice type, determining, by the terminal based on the security requirement of the slice type, whether to provide an isolated resource for the first session. In this implementation, the terminal determines, based on the security requirement of the slice type, whether an isolated resource needs to be provided for the first session, and implements resource configuration by using the security requirement, thereby ensuring end-to-end security.

In a possible implementation, the performing, by the terminal, resource configuration for the first session based on the slice attribute further includes: if the slice attribute includes the latency requirement of the slice type, determining, by the terminal based on the latency requirement of the slice type, whether to provide high-priority resource scheduling for the first session. In this embodiment, the terminal determines, based on the latency requirement of the slice type, whether the high-priority resource scheduling needs to be provided for the first session, and implements resource configuration by using the latency requirement, thereby ensuring end-to-end latency. It can be learned that, when the terminal implements resource configuration by using the security requirement and the latency requirement, the two requirements are independent of each other, and do not affect each other.

According to a second aspect, an embodiment of this application provides a resource configuration apparatus. The apparatus includes: an obtainer, configured to obtain a slice attribute corresponding to a slice type of a first session, where the slice attribute corresponding to the slice type includes at least one of a security requirement or a latency requirement of the slice type; and a processor, configured to perform resource configuration for the first session based on the slice attribute.

In a possible implementation, when obtaining the slice attribute corresponding to the slice type of the first session, the obtainer is specifically configured to: send a session establishment request message to a control plane network element, and receive a session establishment accept message from the control plane network element, where the session establishment accept message carries the slice type of the first session; and obtain, based on a mapping relationship that is between each slice type and each slice attribute and that is locally stored in the terminal, the slice attribute corresponding to the slice type of the first session.

In a possible implementation, when obtaining the slice attribute corresponding to the slice type of the first session, the obtainer is specifically configured to: send a session establishment request message to a control plane network element, and receive a session establishment accept message from the control plane network element, where the session establishment accept message carries the slice attribute corresponding to the slice type of the first session, and the slice attribute is the security requirement of the slice type.

In a possible implementation, when performing resource configuration for the first session based on the slice attribute, the processor is specifically configured to: if the slice attribute includes the security requirement of the slice type, determine, based on the security requirement of the slice type, whether to provide an isolated resource for the first session.

In a possible implementation, when performing resource configuration for the first session based on the slice attribute, the processor is further configured to: if the slice attribute includes the latency requirement of the slice type, determine, based on the latency requirement of the slice type, whether to provide high-priority resource scheduling for the first session.

According to a third aspect, an embodiment of this application provides a terminal. The terminal includes a transceiver, a processor, and a memory. The transceiver, the processor, and the memory may be connected by using a bus system. The memory is configured to store a program, an instruction, or code, and the processor is configured to execute the program, the instruction, or the code in the memory to complete the method according to the foregoing first aspect or any possible implementation of the first aspect.

According to a fourth aspect, an embodiment of this application provides a computer-readable storage medium. The computer-readable storage medium stores instructions, and when the instructions are run on a computer, the computer is enabled to perform the method according to the first aspect.

According to a fifth aspect, an embodiment of this application provides a computer program product including instructions. When the instructions are run on a computer, the computer is enabled to perform the method according to the first aspect.

According to a sixth aspect, an embodiment of this application provides a chip system. The chip system includes a processor, configured to support a terminal in implementing functions involved in the first aspect. In a possible implementation, the chip system further includes a memory. The memory is configured to save instructions and data that are necessary for the terminal. The chip system may include a chip, or may include a chip and another discrete component.

It should be understood that, technical solutions in the second to the fifth aspects of the embodiments of this application are consistent with those in the first aspect of the embodiments of this application, and beneficial effects achieved by these aspects and corresponding implementable design manners are similar.

BRIEF DESCRIPTION OF DRAWINGS

The following detailed description of exemplary non-limiting illustrative embodiments is to be read in conjunction with the drawings of which:

FIG. 1 is a schematic diagram of a next generation mobile network system architecture;

FIG. 2 is a flowchart of a resource configuration method according to an embodiment of this application;

FIG. 3 is a schematic diagram of a resource configuration application according to an embodiment of this application;

FIG. 4 is a flowchart of a resource configuration method according to an Embodiment 1 of this application;

FIG. 5 is a schematic diagram of a resource configuration application according to the Embodiment 1 of this application;

FIG. 6 is a flowchart of a resource configuration method according to an Embodiment 2 of this application;

FIG. 7 is a flowchart of a resource configuration method according to an Embodiment 3 of this application;

FIG. 8 is a schematic diagram of a resource configuration application according to the Embodiment 3 of this application;

FIG. 9 is a schematic structural diagram of a resource configuration apparatus according to an embodiment of this application; and

FIG. 10 is a schematic structural diagram of a terminal according to an embodiment of this application.

DESCRIPTION OF EMBODIMENTS

The following clearly and completely describes the technical solutions in the embodiments of this application with reference to the accompanying drawings in the embodiments of this application.

Based on a definition of the 3GPP, a network slice is a set including a group of network functions, resources for running these network functions, and configurations specific to these network functions. As shown in FIG. 1, the network slice may provide differentiated network features based on network requirements of specific services, for example, aspects such as a function, performance, security, and operation and maintenance, thereby reducing network complexity, improving network operation performance and user service experience, and reducing costs of network deployment, operation and maintenance.

A terminal may access one or more network slices, and a plurality of network slices may share some control plane functions, to implement a function, such as mobility management, of terminal granularity. The shared control plane functions are referred to as common control plane network functions (CCNF). Some other control plane functions and user plane functions are dedicated to the network slice, and are used to implement a specific service of the network slice.

When the network slice is deployed in a core network, if a user initially attaches to the network, a network slice selection process is triggered. The network slice selection process depends on subscription data of the user, local configuration information, a roaming agreement, an operator policy, and the like. In the network slice selection process, the foregoing parameters need to be comprehensively considered to select a most appropriate network slice type for the terminal.

When the terminal needs to access a network slice, the terminal may provide network slice selection assistance information (NSSAI) for the core network, so that the core network selects a network slice instance for the terminal. Specifically, the terminal may provide the network slice selection assistance information (NSSAI) for a network side, to select the network slice instance for the terminal.

(1) The NSSAI may be a standardized value or a particular value within a public land mobile network (PLMN). The NSSAI is a set of single network slice selection assistance information (S-NSSAI), and each piece of S-NSSAI is used to identify a network slice type.

(2) The terminal stores configured NSSAI and/or allowed NSSAI in each PLMN. The configured NSSAI is configured in the terminal before being exchanged with the PLMN, and is NSSAI that needs to be used during registration in the PLMN. A value of the configured NSSAI is default NSSAI configured on the terminal, and may be used by the terminal to select the network slice when the terminal registers with a network. The network side sends a registration request message to an appropriate AMF based on the configured NSSAI carried by the terminal. After the terminal is attached to the network, the network comprehensively determines the allowed NSSAI based on information such as subscription data, a roaming agreement, and local configuration of the terminal, and sends a value of the allowed NSSAI together with a registration accept message to the terminal. When subsequently initiating a service request, the terminal adds the value of the allowed NSSAI to the core network, to perform the network slice selection process. After the terminal is attached to the network, if the core network needs to update the allowed NSSAI of the terminal, a mobility management process (for example, a TAU process) may be triggered on the network side to update the allowed NSSAI locally stored in the terminal.

A 5G system needs to support diversified commercial modes and meet requirements of different industries and different applications by using end-to-end network slices. To meet a requirement of an end-to-end network slice service that can be ensured, a network slicing technology requires cooperation of technologies in various fields, for example, cooperation of a terminal, an access network, and a core network. Existing network slice technology discussion is mainly about implementation on the core network side. A terminal side needs to perceive a currently accessed network slice. When the terminal side perceives the network slice, how to ensure a KPI such as a security requirement and a latency requirement of the slice on the terminal side is a problem that urgently needs to be resolved.

In view of this, the embodiments of this application provide a resource configuration method and apparatus, to meet the security requirement and/or the latency requirement of the network slice on the terminal side. The method and the apparatus are based on a same inventive concept. Because a problem-resolving principle of the method is similar to that of the apparatus, implementations of the apparatus and the method may mutually refer to each other.

The resource configuration method in the embodiments of this application is applicable to a long term evolution (LTE) system or a next generation mobile network (5G) system. In addition, the resource configuration method in the embodiments of this application may also be applicable to another wireless communications system, for example, a global system for mobile communications (GSM), a mobile communications system (Universal Mobile Telecommunications System, UMTS), or a code division multiple access (CDMA) system.

The terminal in the embodiments of this application may refer to a device that provides a user with voice and/or data connectivity, a handheld device with a wireless connection function, or another processing device connected to a wireless modem. The terminal device may alternatively be a wireless terminal. The wireless terminal may communicate with one or more core networks by using an access network (AN). The wireless terminal may be a mobile terminal, such as a mobile phone (also referred to as a “cellular” phone) and a computer with a mobile terminal. The computer with a mobile terminal, for example, may be a portable, pocket-sized, handheld, computer built-in, or vehicle-mounted mobile apparatus, which exchanges voice and/or data with the radio access network. For example, the wireless terminal may further be a device such as a personal communication service (PCS) phone, a cordless telephone set, a session initiation protocol (SIP) phone, a wireless local loop (WLL) station, or a personal digital assistant (PDA). The wireless terminal may also be called a system, a subscriber unit, a subscriber station, a mobile station, a mobile console (Mobile), a remote station, an access point, a remote terminal device (Remote Terminal), an access terminal device (Access Terminal), a user terminal device (User Terminal), a user agent, a user device, or user equipment (UE).

FIG. 1 is a schematic diagram of a next generation mobile network system architecture. A control plane and a forwarding plane in the next generation mobile network architecture are separated, to decouple a control plane function from a forwarding plane function of a mobile gateway, decomposing a unified control plane network element (Control Plane, CP) into a session management function (SMF) entity and an access and mobility management function (AMF) entity. For example, the system architecture includes: a terminal, an access network (AN), a data network (DN), an SMF, and an AMF. When the terminal is in an active state, there is an NG1 signaling connection between the AMF and the terminal. A wireless connection exists between the terminal and the AN. The wireless connection includes an RRC signaling connection and a user plane connection, and the user plane connection may be a radio bearer (RB). An NG2 signaling connection exists between the AMF and the AN. An NG3 signaling connection exists between the AN and a User Plane Function (UPF). An NG4 signaling connection exists between the SMF and a UPF. An NG6 signaling connection exists between the UPF and the DN. An NG11 signaling connection exists between the AMF and the SMF.

The AMF is responsible for attachment, mobility management, a tracking area update procedure, and the like of the terminal.

The SMF is responsible for session management of the terminal, user plane (UP) network element selection, UP network element reselection, IP address assignment, bearer establishment, modification, and release, QoS control, and the like.

The AN provides a wireless access service for the terminal. The AN may include various base stations such as a macro base station, a micro base station (also referred to as a small cell), a relay station, and an access point. In systems using different wireless access technologies, a device having a base station function may have different names. For example, in an LTE system, the device is referred to as an evolved NodeB (eNB or eNodeB). In a third generation (3G) system, the device is referred to as a NodeB (Node B). In a 5G system, the device is referred to as a new base station (gNodeB, gNB). This is not limited in this embodiment of this application.

The DN may be used to provide a data transmission service for the terminal.

The terminal includes but is not limited to a mobile phone, a network access terminal device, an internet of things terminal device, and the like.

Based on the schematic diagram of the network system architecture shown in FIG. 1, FIG. 2 is a schematic flowchart of a resource configuration method according to an embodiment of this application. The procedure may be specifically implemented by using hardware, software programming, or a combination of software and hardware.

The terminal may be configured to perform the procedure shown in FIG. 2. A functional module, in the terminal, configured to perform the resource configuration solution provided in this embodiment of this application may be specifically implemented by hardware, software programming, or a combination of software and hardware, and the hardware may include one or more signal processing and/or application-specific integrated circuits.

As shown in FIG. 2, the procedure specifically includes the following processing processes.

Step 20: The terminal obtains a slice attribute corresponding to a slice type of a first session, where the slice attribute corresponding to the slice type includes at least one of a security requirement or a latency requirement of the slice type.

Step 21: The terminal performs resource configuration for the first session based on the slice attribute.

For example, in step 20, the obtaining, by the terminal, a slice attribute corresponding to a slice type of a first session includes the following two implementations:

A first implementation: The terminal sends a session establishment request message to a control plane network element, and receives a session establishment accept message from the control plane network element, where the session establishment accept message carries the slice type of the first session; and the terminal obtains, based on a mapping relationship that is between each slice type and each slice attribute and that is locally stored in the terminal, the slice attribute corresponding to the slice type of the first session. The slice attribute includes at least one of the security requirement or the latency requirement that correspond to the slice type.

In this implementation, the terminal preconfigures the mapping relationship between each slice type (namely, S-NSSAI) and each slice attribute. In this case, the slice attribute includes either or both of the security requirement and the latency requirement. The terminal receives, after session establishment is completed, the session establishment accept message sent by the control plane network element. The session establishment accept message carries the S-NSSAI corresponding to the slice type of the first session, to trigger the terminal to obtain, based on the locally stored mapping relationship between each piece of S-NSSAI and each slice attribute, the slice attribute corresponding to the slice type of the first session. For example, the terminal obtains, in the foregoing manner, at least one of the security requirement or the latency requirement that correspond to the slice type of the first session. In this way, after the session establishment is completed, the terminal determines, based on the security requirement corresponding to the S-NSSAI of the first session, whether to provide an isolated resource for the first session, thereby ensuring security isolation of an end-to-end network slice. In addition, the terminal may generate a task scheduling policy based on the latency requirement corresponding to the S-NSSAI of the first session, to determine whether high-priority resource scheduling needs to be provided for the first session, thereby ensuring latency of the end-to-end network slice.

A second implementation: The terminal sends a session establishment request message to a control plane network element, and receives a session establishment accept message from the control plane network element, where the session establishment accept message carries the slice type of the first session and the slice attribute corresponding to the slice type. For example, the slice attribute carried in the session establishment accept message is the security requirement corresponding to the slice type.

In this implementation, the terminal sends the session establishment request message to the control plane network element in a session establishment process, where the session establishment request message carries the S-NSSAI corresponding to the slice type of the first session; and receives, in the session establishment process, the S-NSSAI corresponding to the slice type and the security requirement corresponding to the slice type that are returned by the control plane network element. Optionally, the security requirement may be security isolation indication information corresponding to the slice type. The terminal may determine, based on the security isolation indication information, whether to provide an isolated resource for the first session, thereby ensuring security isolation of the end-to-end network slice.

Further, the terminal triggers, based on the S-NSSAI that corresponds to the slice type of the first session and that is carried in the session establishment accept message, the terminal to obtain, based on the locally stored mapping relationship between each piece of S-NSSAI and each slice attribute, the slice attribute corresponding to the slice type of the first session. The slice attribute herein is the latency requirement of the slice.

With reference to the second implementation, the terminal may trigger, based on the slice type carried in a first session accept message and the security requirement corresponding to the slice type, the terminal to determine, based on the security isolation indication information, whether to provide the isolated resource for the first session. In addition, optionally, the terminal may determine, based on the slice type carried in the first session accept message and the locally stored mapping relationship between each slice type and each latency requirement, the latency requirement corresponding to the slice type of the first session. That is, the terminal comprehensively determines, in the foregoing implementation, the slice attribute corresponding to the slice type of the first session.

With reference to the first and the second implementations, the slice attribute that corresponds to the slice type of the first session and that is obtained by the terminal includes at least one of the security requirement or the latency requirement of the slice type.

In a possible implementation, the slice attribute obtained by the terminal may include both the security requirement and the latency requirement of the slice type, and the terminal performs resource configuration for the first session based on both the security requirement and the latency requirement of the slice type. To be specific, the terminal determines, based on a security attribute of the slice type, whether the isolated resource needs to be provided for the first session; and in addition, the terminal determines, based on the latency requirement of the slice type, whether the high-priority resource scheduling needs to be provided for the first session.

In another possible implementation, the slice attribute obtained by the terminal may include only one of the security requirement and the latency requirement of the slice type. Further, if the slice attribute obtained by the terminal includes only the security requirement of the slice type, the terminal determines, based on the security requirement of the slice type, whether the isolated resource needs to be provided for the first session. If the slice attribute obtained by the terminal includes only the latency requirement of the slice type, the terminal determines, based on the latency requirement of the slice type, whether high-priority resource scheduling needs to be provided for the first session.

In combination with the foregoing implementations, when the terminal implements resource configuration by using the security requirement and the latency requirement, the two requirements are independent of each other, and do not affect each other.

Specifically, when performing resource configuration for the first session based on the slice attribute, the terminal performs resource configuration for the first session based on related information included in the slice attribute. Further, during specific implementation, if the slice attribute includes the security requirement of the slice type, the terminal determines, based on the security requirement of the slice type, whether to provide the isolated resource for the first session.

Optionally, the security requirement may be represented by using security isolation indication information, and the security isolation indication information indicates a security isolation attribute. If the security isolation indication information indicates that the terminal needs to provide the isolated resource for the first session, the following manner may be used for implementation:

If the security isolation attribute is indicated as strong, the terminal may perform security hardware protection, for example, by using a built-in encrypted chip: an encryption process is completed in the chip, and sensitive security data may be separately stored and independently operated, to implement hardware protection.

If the security isolation attribute is indicated as medium, the terminal may provide security isolation for the first session by using a physically independent operating system (OS).

If the security isolation attribute is indicated as weak, the terminal may allocate, based on a shared OS, an independent central processing unit (CPU) to the first session and provide an isolated process group. For example, isolated process groups use different namespaces to achieve an isolation purpose, and different process groups have respective processes, networks, and the like.

If the slice attribute includes the latency requirement of the slice type, the terminal determines, based on the latency requirement of the slice type, whether to provide the high-priority resource scheduling for the first session. It should be noted that the high priority in embodiments of this application means that a priority is higher than a preset value. For example, for a session having a low latency requirement, the terminal may use a real-time operating system to set a high process priority, and provide a timely response and high reliability. For a session having no latency requirement, the terminal may use a non-real-time operating system to set a low process priority, and provide a lightweight computing capability. It should be noted that, the session having a low latency requirement is a session having an extremely high requirement for quality of service (QoS). For example, a requirement for a service such as latency, latency jitter, or a packet loss rate is usually less than a preset value. The session having no latency requirement is a session having no extremely high requirement for quality of service (QoS). For example, a requirement for a service such as latency, latency jitter, or a packet loss rate is usually greater than or equal to a preset value.

For example, in FIG. 3, the terminal currently accesses network slices corresponding to two different slice types, which are an enhanced mobile broadband (eMBB) slice and an internet of vehicles (vehicle to X, V2X) slice. For example, the eMBB slice may be specific to a high-bandwidth low-latency service, such as a high-definition video service or a virtual reality/augmented reality service. Specifically, Table 1 shows requirement indexes of eMBB services, and Table 2 shows a requirement index of a V2X service.

TABLE 1 Enhanced mobile broadband service

| Requirement category | Scenario example | Bandwidth | Latency | Moving speed |
|---|---|---|---|---|
| Enhanced mobile broadband service | Enhanced video (UHD/holographic, virtual & augmented reality) | Downlink: 1 Gbps; Uplink: 500 Mbps | 10 ms | Walking speed |
| | High-speed train | Downlink: 50 Mbps; Uplink: 25 Mbps | 10 ms | Highest: 500 km/h |
| | 3D connection: flight vehicle | Downlink: 15 Mbps; Uplink: 7.5 Mbps | 10 ms | Highest: 1000 km/h |
| | Ultra-low cost network (covering population in backward areas) | Downlink: 10 Mbps; Uplink: 10 Mbps | 50 ms | 0-50 km/h |
| | Anytime and anywhere 50 Mbps (lowest service requirement) | Downlink: 50 Mbps; Uplink: 25 Mbps | 10 ms | 0-120 km/h |

The V2X slice may be specific to a service that is extremely sensitive to latency, for example, a service such as assistant driving/self-driving. The V2X service has a packet loss rate <10⁻⁵, jitter <μs, and 1 ms of end-to-end latency.

TABLE 2 Internet of vehicles service

| Requirement category | Scenario example | Bandwidth | Latency | Moving speed |
|---|---|---|---|---|
| Internet of vehicles service | Automatic traffic control/automatic driving | Downlink: 50 kbps to 10 Mbps; Uplink: 20 kbps to 10 Mbps | 1 ms | 0-500 km/h |

It can be learned from Table 1 and Table 2 that network slices of the two different slice types need different types of network features and performance requirements, for example, mobility, security, a policy, latency, and reliability.

It can be learned from FIG. 3 that, when initiating a session request, the terminal can obtain a security requirement and a latency requirement of a network slice of the session. For example, a security isolation attribute and a latency requirement of a network slice corresponding to a network slice type may be obtained based on the slice type of the network slice, so as to perform session resource configuration based on the security isolation attribute and the latency requirement of the network slice.

For example, a slice type corresponding to the eMBB slice is S-NSSAI-1. When the terminal initiates a session establishment request of a first session, and accesses the eMBB slice to use a high-definition video service, if a control plane network element indicates that a security isolation attribute of the eMBB slice that corresponds to the S-NSSAI-1 is relatively low or it is found, by using configuration information locally stored in the terminal, that a security isolation attribute of the eMBB slice that corresponds to the S-NSSAI-1 is relatively low, the terminal may perform resource isolation for the first session by using a shared OS. It is found, by using the configuration information locally stored in the terminal, that a latency requirement corresponding to the eMBB slice that corresponds to the S-NSSAI-1 is latency A. It is further determined that the eMBB slice can provide a service for a service having no latency requirement, and while using the shared OS to perform resource isolation, the terminal may further use a real-time operating system, set a high process priority, and provide a timely response and high reliability.

Similarly, a slice type corresponding to the V2X slice is S-NSSAI-4. When the terminal initiates a session establishment request of a first session, and accesses the V2X slice to use a self-driving service, if a control plane network element indicates that a security isolation attribute of the V2X slice that corresponds to the S-NSSAI-4 is relatively strong or it is found, by using configuration information locally stored in the terminal, that a security isolation attribute of the V2X slice that corresponds to the S-NSSAI-4 is relatively strong, the terminal may use a physically independent OS to prevent data leakage and ensure personal data security. It is found, by using the configuration information locally stored in the terminal, that a latency requirement of the V2X slice that corresponds to the S-NSSAI-4 is a low latency requirement. While performing security hardware protection, the terminal may further use a real-time operating system, set a high process priority, and provide a timely response and high reliability.

By using the foregoing implementation method, the terminal implements, based on the slice attribute corresponding to the slice type, that is, at least one of the security requirement or the latency requirement, slice type-based resource isolation and/or priority resource scheduling, thereby providing differentiated security protection and resource configuration. Therefore, data security of an application on the terminal is ensured, and not only latency, reliability, and security requirements of the application can be met, but also a terminal resource can be effectively used, to ensure an end-to-end service-level agreement (SLA).

Based on the network architecture shown in FIG. 1, the following describes the foregoing method in detail by using three embodiments.

Embodiment 1

In the technical solution in Embodiment 1, a terminal receives, in a session establishment process of a first session, a security requirement that is of the first session and that is returned by a control plane network element, to trigger the terminal to perform resource isolation on the terminal side based on the security requirement. Specifically, the control plane network element determines, based on a service type requested by the terminal, the security requirement of a network slice associated with the first session; in a session establishment accept message, the control plane network element returns the security requirement corresponding to the first session; and after receiving the security requirement of the first session, the terminal determines whether an isolated resource needs to be provided for the first session. A specific process is shown in FIG. 4.

Step 41: The terminal initiates, to an AMF by using an AN, a session establishment request message for a first session of a first application, where the session establishment request message carries a session identifier (a Packet Data Unit (PDU) session ID) allocated to the first session and a slice type to which the first application is mapped based on an NSSP, and the slice type is represented by S-NSSAI.

It should be noted that before step 41 is performed, a network slice selection policy (NSSP) of each PLMN network is preconfigured on the terminal.

In a possible implementation, the network slice selection policy includes a mapping rule between an application and a slice type. When the terminal needs to initiate a session establishment request of an application, the session establishment request message carries S-NSSAI to which the application is mapped based on the NSSP.

Further, the network slice selection policy may indicate the mapping rule between an application and a slice type by using Table 3. For example, an NSSP rule 1 in Table 3 represents that S-NSSAI to which an application A1, an application A2, . . . , and an application An are mapped is S-NSSAI-1, and meanings of other NSSP rules are similar. It should be noted that this is merely an example for description, and is not limited in embodiments of this application.

TABLE 3

| NSSP rule 1 | Applications A1 to An | S-NSSAI-1 |
| NSSP rule 2 | Applications B1 to Bn | S-NSSAI-2 |
| NSSP rule 3 | Applications C1 to Cn | S-NSSAI-3 |
| NSSP rule 4 | Applications D1 to Dn | S-NSSAI-4 |
| . . . | . . . | . . . |

Step 42: After receiving the session establishment request message of the terminal, an AMF selects an SMF based on the S-NSSAI carried in the session establishment request message. The SMF belongs to a network slice corresponding to the S-NSSAI, and the AMF sends a session management (SM) request message to the SMF. The session management request message carries a permanent identifier (Subscriber Permanent Identifier, SUPI) of the terminal, the session identifier (PDU session ID) of the first session, and the S-NSSAI.

Step 43: The SMF performs a PDU session establishment process with the terminal, including that the SMF selects a UPF network element for the terminal, assigns an IP address to the terminal, and so on.

Step 44: The SMF returns an SM request answer message to the AMF, where the SM request answer message carries a permanent identifier SUPI of the terminal, the PDU session ID of the first session, the S-NSSAI, and security isolation indication information corresponding to the slice type identified by the S-NSSAI.

It should be noted that in this embodiment, the security isolation indication information is used to represent the security requirement, and the security isolation indication information is used to indicate a security isolation attribute. Optionally, the security isolation indication information may use strong, medium, or weak to represent a corresponding security isolation attribute. The security isolation attribute may be indicated in another manner. This is not specifically limited in embodiments of this application.

Step 45: The AMF returns a session establishment accept message to the terminal by using the AN, where the session establishment accept message carries the PDU session ID of the first session, the S-NSSAI, and the security isolation indication information corresponding to the slice type identified by the S-NSSAI.

Step 46: After receiving the session establishment accept message returned by the AMF, the terminal determines, based on the security isolation indication information carried in the session establishment accept message, whether an isolated resource needs to be provided for the first session. The security isolation indication information indicates a security isolation attribute that is of the first session and that is associated with the S-NSSAI.

It should be understood that the security isolation indication information is further used to indicate a resource isolation requirement of the first session of the terminal, that is, indicate whether the isolated resource needs to be provided for the first session.

Step 47: When determining that the security isolation indication information indicates that the terminal needs to provide the isolated resource for the first session, the terminal provides the corresponding isolated resource for the first session based on the security isolation indication information.

In certain example implementations, the terminal may preconfigure a resource isolation manner corresponding to each security isolation attribute.

Specifically, in a possible implementation, if a security isolation attribute in the security isolation indication information is indicated as strong, the terminal may provide the isolated resource for the first session through security hardware protection. For example, the security hardware protection may be implemented by using a built-in encrypted chip, each encryption process is completed in the encrypted chip, and all sensitive secure data can be stored separately and operated independently, thereby implementing the hardware protection.

In a possible implementation, if a security isolation attribute in the security isolation indication information is indicated as medium, the terminal may provide the isolated resource for the first session by using a physically independent OS, and subsequently, a data stream of the first application is transmitted to a core network by using the first session.

In a possible implementation, if a security isolation attribute in the security isolation indication information is indicated as weak, the terminal may allocate, based on a shared OS, an independent CPU to the first session, and provide an isolation process group to provide the isolated resource for the first session. Subsequently, the data stream of the first application is transmitted to the core network by using the first session.

For example, as shown in FIG. 5, the terminal currently accesses network slices corresponding to two different slice types: an eMBB slice and a V2X slice. When the terminal needs to use a high-definition video service, the terminal initiates a session establishment request to access the eMBB slice. If the control plane network element AMF indicates to the terminal that a security isolation attribute of the eMBB slice is weak, the terminal may provide the isolated resource for the first session by using the shared OS.

Similarly, when the terminal needs to use a self-driving service, the terminal initiates a session establishment request to access the V2X slice. If the control plane network element AMF indicates to the terminal that a security isolation attribute of the V2X slice is medium, the terminal may prevent data leakage by using the physically independent OS, to ensure personal data security.

In FIG. 5, each of an application A, an application B, an application C and an application D on a terminal side uses the eMBB slice. If a network indicates that the security isolation attribute of the eMBB slice is weak, a session associated with these applications uses a shared OS mechanism. Both an application E and an application F on the terminal side use V2X slices. If the network indicates that the security isolation attribute of the eMBB slice is medium, the terminal may virtualize an independent OS-1 for a session resource of the application E, and both a session and data of the application E are protected on the OS-1. In addition, the terminal virtualizes another independent OS-2 for a session resource of the application F, and both the session and data of the application F are protected on the OS-2. In this case, the data of both the application E and the application F is not accessed by an application in another slice, to ensure resource isolation.

In the technical solution in Embodiment 1 of this application, the terminal receives, in a session establishment process of the first session, the security requirement that is of the network slice type associated with the first session and that is returned by the control plane network element, to trigger the terminal to determine, based on the security requirement, whether to perform resource isolation on the terminal side, thereby ensuring security of an end-to-end network slice.

Embodiment 2

A general procedure in Embodiment 2 is similar to that in Embodiment 1. A difference lies in that in Embodiment 2, a terminal locally configures a security requirement corresponding to each network slice type (S-NSSAI).

Specifically, when the terminal locally configures the security requirement corresponding to each network slice type, in a possible implementation, a dimension is added to an original NSSP locally stored in the terminal, to add a security requirement of a slice type that corresponds to the S-NSSAI. Optionally, the security requirement may be represented by using a security isolation attribute. In this embodiment of this application, the security isolation attribute is represented by using strong, medium, or weak. For details, refer to Table 4. For example, an NSSP rule 1 in Table 4 represents that S-NSSAI to which an application A1, an application A2, . . . , and an application An are mapped is S-NSSAI-1, security isolation attributes are all weak, and meanings of other NSSP rules are similar.

TABLE 4

| NSSP rule 1 | Applications A1 to An | S-NSSAI-1 | Security isolation attribute: weak |
| NSSP rule 2 | Applications B1 to Bn | S-NSSAI-2 | Security isolation attribute: medium |
| NSSP rule 3 | Applications C1 to Cn | S-NSSAI-3 | Security isolation attribute: medium |
| NSSP rule 4 | Applications D1 to Dn | S-NSSAI-4 | Security isolation attribute: strong |
| . . . | . . . | . . . | . . . |

When the terminal locally configures the security requirement corresponding to each network slice type, in another possible implementation, the terminal locally directly configures a list of different security requirements. The list includes network slice types, that is, S-NSSAI included in the different security requirements. Optionally, the security requirement may be represented by using a security isolation attribute. In this embodiment of this application, the security isolation attribute is represented by using strong, medium, or weak. For details, refer to Table 5. For example, Table 5-A stores S-NSSAI corresponding to a slice whose security isolation attribute is weak. If a security isolation attribute corresponding to the S-NSSAI-1 is weak, a network slice type stored in Table 5-A is the S-NSSAI-1. Table 5-B stores S-NSSAI corresponding to a slice whose security isolation attribute is medium. If security isolation attributes corresponding to the S-NSSAI-2 and the S-NSSAI-3 are medium, network slice types stored in Table 5-B are the S-NSSAI-2 and the S-NSSAI-3. Table 5-C stores S-NSSAI corresponding to a slice whose security isolation attribute is strong. If a security isolation attribute corresponding to the S-NSSAI-4 is strong, a network slice type stored in Table 5-C is the S-NSSAI-4. It should be noted that Table 5-A, Table 5-B, and Table 5-C are merely used to distinguish different security requirement lists. This is not limited in embodiments of this application.

TABLE 5

| Security isolation attribute: weak | Table 5-A |
| Security isolation attribute: medium | Table 5-B |
| Security isolation attribute: strong | Table 5-C |

Further, the terminal initiates a session establishment request for a first session, where the request carries the S-NSSAI, and after the session is successfully established, the terminal determines, based on security isolation attribute information of the S-NSSAI, whether an isolated resource needs to be allocated to the first session. An example procedure is shown in FIG. 6.

Step 61: The terminal initiates, to an AMF by using an AN, a session establishment request message for a first session of a first application, where the session establishment request message carries a session identifier (PDU session ID) allocated to the first session and a slice type to which the first application is mapped based on an NSSP, and the slice type is represented by S-NSSAI.

Step 62: After receiving the session establishment request message of the terminal, the AMF selects an SMF based on the S-NSSAI carried in the session establishment request message. The SMF belongs to a network slice corresponding to the S-NSSAI, and the AMF sends an SM request message to the SMF. The SM request message carries an SUPI of the terminal, the PDU session ID of the first session, and the S-NSSAI.

Step 63: The SMF performs a PDU session establishment process with the terminal, including that the SMF selects a UPF network element for the terminal, assigns an IP address to the terminal, and so on.

Step 64: The SMF returns an SM request answer message to the AMF, where the SM request answer message carries the SUPI of the terminal, the PDU session ID of the first session, and the S-NSSAI.

Step 65: The AMF returns a session establishment accept message to the terminal by using the AN, where the session establishment accept message carries the session identifier of the first session and the S-NSSAI.

Step 66: The terminal receives the session establishment accept message returned by the AMF, and the first session is successfully established. The terminal queries, based on S-NSSAI associated with the first session, locally stored security isolation attribute information corresponding to the S-NSSAI, and determines whether an isolated resource needs to be provided for the first session.

For example, if the S-NSSAI associated with the first session is S-NSSAI-1, and a security requirement list configured by the terminal is shown in Table 4, the terminal queries, in Table 4, the security isolation attribute information corresponding to the S-NSSAI-1, and finds that a security isolation attribute corresponding to the S-NSSAI-1 is weak. Similarly, if the security requirement list configured by the terminal is shown in Table 5, the terminal sequentially queries Table 5-A, Table 5-B, and Table 5-C to determine whether the security isolation attribute information corresponding to the S-NSSAI-1 exists, and ends the query when finding the security isolation attribute corresponding to the S-NSSAI-1. In this case, in Table 5-A, it is found that the security isolation attribute corresponding to the S-NSSAI-1 is weak.

It should be noted that in this embodiment, security isolation indication information is used to represent the security requirement, and the security isolation indication information is used to indicate the security isolation attribute. Optionally, the security isolation indication information may use strong, medium, or weak to represent a corresponding security isolation attribute. The security isolation attribute may be indicated in another manner. This is not specifically limited in embodiments of this application.

It should be understood that the security isolation indication information is further used to indicate a resource isolation requirement of the first session of the terminal, that is, indicate whether the isolated resource needs to be provided for the first session.

Step 67: When determining that the security isolation indication information indicates that the terminal needs to provide the isolated resource for the first session, the terminal provides the corresponding isolated resource for the first session based on the security isolation indication information.

For example implementations of step 67, refer to the corresponding implementations in step 47.

In the technical solution in Embodiment 2 of this application, the terminal locally configures the security requirement corresponding to each network slice type. After the session establishment of the first session is completed, the terminal determines, based on the security requirement corresponding to the S-NSSAI associated with the first session, whether to provide the isolated resource for the first session, thereby ensuring security of an end-to-end network slice.

Embodiment 3

In the technical solution in Embodiment 3, to ensure latency of a network side slice on a terminal side, a terminal locally configures a latency requirement corresponding to each network slice type (S-NSSAI).

Specifically, when the terminal locally configures the latency requirement corresponding to each network slice type, in a possible implementation, a dimension is added to an original NSSP locally stored in the terminal, to add a latency requirement of a slice type that corresponds to the S-NSSAI. For example, an NSSP rule 1 in Table 6 represents that S-NSSAI to which an application A1, an application A2, . . . , and an application An are mapped is S-NSSAI-1, duration of the latency requirement is A, and meanings of other NSSP rules are similar. For details, refer to Table 6.

TABLE 6

| NSSP rule 1 | Applications A1 to An | S-NSSAI-1 | Latency A |
| NSSP rule 2 | Applications B1 to Bn | S-NSSAI-2 | Latency B |
| NSSP rule 3 | Applications C1 to Cn | S-NSSAI-3 | Latency B |
| NSSP rule 4 | Applications D1 to Dn | S-NSSAI-4 | Latency C |
| . . . | . . . | . . . | . . . |

When the terminal locally configures the latency requirement corresponding to each network slice type, in another possible implementation, the terminal locally directly configures an S-NSSAI list having different latency requirements. The list includes S-NSSAI corresponding to different latency requirements. As shown in Table 7, for example, Table 7-A stores S-NSSAI corresponding to a slice whose latency requirement is W. If a latency requirement corresponding to S-NSSAI-1 is W, a network slice type stored in Table 7-A is the S-NSSAI-1. Table 7-B stores S-NSSAI corresponding to a slice whose latency requirement is Y. If latency requirements corresponding to S-NSSAI-2 and S-NSSAI-3 are Y, network slice types stored in Table 7-B are the S-NSSAI-2 and the S-NSSAI-3. Table 7-C stores S-NSSAI corresponding to a slice whose latency requirement is Z. If a latency requirement corresponding to S-NSSAI-4 is Z, a network slice type stored in Table 7-C is the S-NSSAI-4. It should be noted that Table 7-A, Table 7-B, and Table 7-C are merely used to distinguish between different latency requirement lists. This is not limited in embodiments of this application.

TABLE 7

| Latency requirement: W | Table 7-A |
| Latency requirement: Y | Table 7-B |
| Latency requirement: Z | Table 7-C |

Further, the terminal initiates a session establishment request for a first session, where the request carries the S-NSSAI, and after the session is successfully established, the terminal determines, based on a locally configured latency requirement of the S-NSSAI, whether high-priority resource scheduling needs to be provided for the first session. A specific process is shown in FIG. 7.

Step 71: The terminal initiates, to an AMF by using an AN, a session establishment request message for a first session of a first application, where the session establishment request message carries a session identifier (PDU session ID) allocated to the first session and a slice type to which the first application is mapped based on an NSSP, and the slice type is represented by S-NSSAI.

Step 72: After receiving the session establishment request message of the terminal, the AMF selects an SMF based on the S-NSSAI carried in the session establishment request message. The SMF belongs to a network slice corresponding to the S-NSSAI, and the AMF sends an SM request message to the SMF. The SM request message carries an SUPI of the terminal, the PDU session ID of the first session, and the S-NSSAI.

Step 73: The SMF performs a PDU session establishment process with the terminal, including that the SMF selects a UPF network element for the terminal, assigns an IP address to the terminal, and so on.

Step 74: The SMF returns an SM request answer message to the AMF, where the SM request answer message carries a permanent identifier SUPI of the terminal, the PDU session ID of the first session, and the S-NSSAI.

Step 75: The AMF returns a session establishment accept message to the terminal by using the AN, where the session establishment accept message carries the session identifier of the first session and the S-NSSAI.

Step 76: The terminal receives the session establishment accept message returned by the AMF, which represents that the first session is successfully established.

The terminal queries, based on S-NSSAI associated with the first session, a locally stored latency requirement corresponding to the S-NSSAI, and determines whether high-priority resource scheduling needs to be provided for the first session.

In certain example implementations, if the latency requirement corresponding to the S-NSSAI is less than a preset value, the first session is determined as a session having a low latency requirement; and if the latency requirement corresponding to the S-NSSAI is not less than the preset value, the first session is determined as a session having no latency requirement.

Step 77: When determining, based on a latency requirement associated with the first session, that the high-priority resource scheduling needs to be provided for the first session, the terminal provides, based on the latency requirement, corresponding resource scheduling for the first session.

Specifically, the terminal correspondingly sets different resource scheduling policies for sessions having different latency requirements.

In a possible implementation, if the first session is a session having a low latency requirement, for example, a session of an ultra-reliable low-latency communication (URLLC) service, the resource scheduling policy provided by the terminal is as follows: A real-time operating system is used to set a high process priority, and provide a timely response and high reliability. If the first session is a session having no latency requirement, for example, a session of a sensor measurement service or a small packet transmission service, the resource scheduling policy provided by the terminal is as follows: A non-real-time operating system is used to set a low process priority, and provide a lightweight computing capability.

For example, as shown in FIG. 8, the terminal currently accesses network slices corresponding to two different slice types: an eMBB slice and a V2X slice. When the terminal needs to use a high-definition video service, the terminal initiates a session establishment request to access the eMBB slice. If a slice type corresponding to the eMBB slice is S-NSSAI-2, the terminal obtains that a latency requirement corresponding to the S-NSSAI-2 is W, and determines that a latency requirement corresponding to the eMBB slice is a low latency requirement. The terminal may use a real-time operating system, to set a high process priority, and provide a timely response and high reliability.

Similarly, when the terminal needs to use a self-driving service, the terminal initiates a session establishment request to access the V2X slice. If a slice type corresponding to the V2X slice is S-NSSAI-3, the terminal obtains that a latency requirement corresponding to the S-NSSAI-3 is W, and determines that a latency requirement corresponding to the V2X slice is a low latency requirement. The terminal may use a real-time operating system, to set a high process priority, and provide a timely response and high reliability.

In the technical solution in Embodiment 3 of this application, the terminal locally configures the latency requirement corresponding to each piece of S-NSSAI. After the session establishment is completed, the terminal generates the resource scheduling policy based on the latency requirement corresponding to the S-NSSAI of the session, and determines whether the high-priority resource scheduling needs to be provided for the session, thereby ensuring latency of an end-to-end network slice.

It should be noted that, the technical solution in Embodiment 2 may be used in combination with the technical solution in Embodiment 3. In this case, the terminal locally configures the security requirement and the latency requirement that correspond to each piece of S-NSSAI. For a specific configuration method, refer to the foregoing embodiments. After the session establishment is completed, the terminal queries, based on the S-NSSAI associated with the session, the security requirement and the latency requirement that are configured for the S-NSSAI, determines, based on the security requirement, whether the isolated resource needs to be provided for the session, and determines, based on the latency requirement, whether the high-priority resource scheduling needs to be provided for the session, thereby ensuring security and latency of the end-to-end network slice.

The technical solution in Embodiment 1 may be used in combination with the technical solution in Embodiment 3. In this case, in the session establishment process, the terminal receives the security requirement indicated by the control plane network element. After the session establishment is completed, the terminal queries for a latency requirement configured for the session, determines, based on the security requirement, whether the isolated resource needs to be provided for the session, and determines, based on the latency requirement, whether the high-priority resource scheduling needs to be provided for the session, thereby ensuring the security and latency of the end-to-end network slice.
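The two combinations described above (a locally configured or network-indicated security requirement, together with a locally configured latency requirement) can be modelled as the following terminal-side lookup. This is an added illustration and not part of the application as filed; the application names, the latency figures in milliseconds, the 5 ms preset value, and the choice to reject a session whose isolation attribute is missing or unrecognised are assumptions of the example.

```python
from dataclasses import dataclass
from typing import Optional

# NSSP in the Table 4 / Table 6 form: one rule per S-NSSAI carrying both added
# dimensions. Isolation attributes follow Table 4; the application names and
# the latency figures are constructed for this example.
NSSP_RULES = [
    {"apps": {"A1", "A2"}, "s_nssai": "S-NSSAI-1", "isolation": "weak", "latency_ms": 10.0},
    {"apps": {"B1", "B2"}, "s_nssai": "S-NSSAI-2", "isolation": "medium", "latency_ms": 50.0},
    {"apps": {"C1", "C2"}, "s_nssai": "S-NSSAI-3", "isolation": "medium", "latency_ms": 50.0},
    {"apps": {"D1", "D2"}, "s_nssai": "S-NSSAI-4", "isolation": "strong", "latency_ms": 1.0},
]

# The same security data in the Table 5 form: one S-NSSAI list per attribute,
# in the order Table 5-A, Table 5-B, Table 5-C.
TABLE_5 = [
    ("weak", {"S-NSSAI-1"}),
    ("medium", {"S-NSSAI-2", "S-NSSAI-3"}),
    ("strong", {"S-NSSAI-4"}),
]

# Resource isolation manner preconfigured for each attribute (step 47).
ISOLATION_MANNER = {
    "strong": "security hardware protection (built-in encrypted chip)",
    "medium": "physically independent OS",
    "weak": "shared OS with independent CPU and isolated process group",
}

LATENCY_PRESET_MS = 5.0  # constructed preset value for the step 76 comparison


@dataclass(frozen=True)
class SessionConfig:
    s_nssai: str
    isolation_attribute: str
    isolation_manner: str
    high_priority: bool


def slice_for_app(app: str) -> str:
    """Map an application to its S-NSSAI through the NSSP (steps 41, 61, 71)."""
    for rule in NSSP_RULES:
        if app in rule["apps"]:
            return rule["s_nssai"]
    raise LookupError(f"no NSSP rule for application {app!r}")


def isolation_from_table4(s_nssai: str) -> Optional[str]:
    """Read the attribute from the extended NSSP rule of the slice type."""
    for rule in NSSP_RULES:
        if rule["s_nssai"] == s_nssai:
            return rule["isolation"]
    return None


def isolation_from_table5(s_nssai: str) -> Optional[str]:
    """Query Table 5-A, 5-B, 5-C in sequence and end the query at the first hit."""
    for attribute, members in TABLE_5:
        if s_nssai in members:
            return attribute
    return None


def latency_for(s_nssai: str) -> Optional[float]:
    for rule in NSSP_RULES:
        if rule["s_nssai"] == s_nssai:
            return rule["latency_ms"]
    return None


def configure_session(s_nssai: str, network_indication: Optional[str] = None) -> SessionConfig:
    """Decide isolation and scheduling independently of each other.

    network_indication models the security isolation indication information of
    the session establishment accept message (Embodiment 1); when it is absent
    the locally stored list is queried instead (Embodiment 2).
    """
    attribute = network_indication if network_indication is not None else isolation_from_table5(s_nssai)
    if attribute not in ISOLATION_MANNER:
        # Assumption of this example: never fall back silently to no isolation.
        raise ValueError(f"no usable security isolation attribute for {s_nssai!r}: {attribute!r}")
    latency = latency_for(s_nssai)
    if latency is None:
        raise LookupError(f"no latency requirement configured for {s_nssai!r}")
    # Low latency requirement (less than the preset value) selects high priority.
    return SessionConfig(s_nssai, attribute, ISOLATION_MANNER[attribute], latency < LATENCY_PRESET_MS)
```
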

Based on a same concept, an embodiment of this application further provides a resource configuration apparatus. The apparatus may be configured to perform the steps performed by the terminal in FIG. 2. Therefore, for an implementation of the resource configuration apparatus provided in this embodiment of this application, refer to the implementations of the foregoing method.

For example, referring to FIG. 9, an embodiment of this application provides a resource configuration apparatus 900, including:

an obtainer 910, configured to obtain a slice attribute corresponding to a slice type of a first session, where the slice attribute corresponding to the slice type includes at least one of a security requirement or a latency requirement of the slice type; and

a processor 920, configured to perform resource configuration for the first session based on the slice attribute.

In a possible implementation, when obtaining the slice attribute corresponding to the slice type of the first session, the obtainer 910 is specifically configured to:

send a session establishment request message to a control plane network element, and receive a session establishment accept message from the control plane network element, where the session establishment accept message carries the slice type of the first session; and

obtain, based on a mapping relationship that is between each slice type and each slice attribute and that is locally stored in the terminal, the slice attribute corresponding to the slice type of the first session.

In a possible implementation, when obtaining the slice attribute corresponding to the slice type of the first session, the obtainer 910 is specifically configured to:

send a session establishment request message to a control plane network element, and receive a session establishment accept message from the control plane network element, where the session establishment accept message carries the slice attribute corresponding to the slice type of the first session, and the slice attribute is the security requirement of the slice type.

In a possible implementation, when performing resource configuration for the first session based on the slice attribute, the processor 920 is specifically configured to:

if the slice attribute includes the security requirement of the slice type, determine, based on the security requirement of the slice type, whether to provide an isolated resource for the first session.

In a possible implementation, when performing resource configuration for the first session based on the slice attribute, the processor 920 is further configured to:

if the slice attribute includes the latency requirement of the slice type, determine, based on the latency requirement of the slice type, whether to provide high-priority resource scheduling for the first session.

Based on a same concept, this application further provides a terminal. The terminal may be configured to perform the steps performed by the terminal in FIG. 2. Therefore, for an implementation of the terminal provided in this embodiment of this application, refer to the implementations of the method.

Referring to FIG. 10, an embodiment of this application provides a terminal 1000. The terminal includes a transceiver 1010, a processor 1020, and a memory 1030. The transceiver 1010, the processor 1020, and the memory 1030 may be connected to each other by using a bus system. The memory 1030 is configured to store a program, an instruction, or code. The processor 1020 is configured to execute the program, the instruction, or the code in the memory 1030, to specifically perform the following steps: obtaining a slice attribute corresponding to a slice type of a first session, where the slice attribute corresponding to the slice type includes at least one of a security requirement or a latency requirement of the slice type; and performing resource configuration for the first session based on the slice attribute.

It should be noted that in a specific implementation, a function of the obtainer 910 in FIG. 9 may be implemented by using the transceiver 1010 in FIG. 10, and a function of the processor 920 in FIG. 9 may be implemented by using the processor 1020 in FIG. 10.

A person skilled in the art should understand that the embodiments of this application may be provided as a method, a system, or a computer program product. Therefore, the embodiments of this application may use a form of hardware only embodiments, software only embodiments, or embodiments with a combination of software and hardware. Moreover, the embodiments of this application may use a form of a computer program product that is implemented on one or more computer-usable storage media (including but not limited to a disk memory, a CD-ROM, an optical memory, and the like) that include computer-usable program code.

The embodiments of this application are described with reference to the flowcharts and/or block diagrams of the method, the device (system), and the computer program product according to the embodiments of this application. It should be understood that computer program instructions may be used to implement each process and/or each block in the flowcharts and/or the block diagrams and a combination of a process and/or a block in the flowcharts and/or the block diagrams. These computer program instructions may be provided for a general-purpose computer, a dedicated computer, an embedded processor, or a processor of any other programmable data processing device to generate a machine, so that the instructions executed by a computer or a processor of any other programmable data processing device generate an apparatus for implementing a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.

These computer program instructions may be stored in a computer-readable memory that can instruct the computer or any other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory generate an artifact that includes an instruction apparatus. The instruction apparatus implements a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.

These computer program instructions may be loaded onto a computer or another programmable data processing device, so that a series of operations and steps are performed on the computer or the other programmable device, thereby generating computer-implemented processing. Therefore, the instructions executed on the computer or another programmable device provide steps for implementing a specific function in one or more processes in the flowcharts and/or in one or more blocks in the block diagrams.

Obviously, a person skilled in the art can make various modifications and variations to embodiments of this application without departing from the spirit and scope of this application. This application is intended to cover these modifications and variations provided that they fall within the scope defined by the following claims and their equivalent technologies.

What is claimed is:
 1. A resource configuration method, comprising: obtaining, by a terminal, a slice attribute corresponding to a slice type of a first session, wherein the slice attribute corresponding to the slice type comprises at least one of a security requirement or a latency requirement of the slice type; and performing, by the terminal, resource configuration for the first session based on the slice attribute.
 2. The method according to claim 1, wherein the obtaining the slice attribute comprises: sending, by the terminal, a session establishment request message to a control plane network element, and receiving a session establishment accept message from the control plane network element, wherein the session establishment accept message carries the slice type of the first session; and obtaining, by the terminal based on a mapping relationship that is between each slice type and each slice attribute and that is locally stored in the terminal, the slice attribute corresponding to the slice type of the first session.
 3. The method according to claim 2, wherein the slice attribute comprises the security requirement and/or the latency requirement of the slice type.
 4. The method according to claim 2, wherein the control plane network element comprises a session management function entity and an access and mobility management function entity.
 5. The method according to claim 1, wherein the obtaining the slice attribute comprises: sending, by the terminal, a session establishment request message to a control plane network element, and receiving a session establishment accept message from the control plane network element, wherein the session establishment accept message carries the slice attribute corresponding to the slice type of the first session.
 6. The method according to claim 5, wherein the slice attribute comprises the security requirement of the slice type.
 7. The method according to claim 1, wherein the performing resource configuration for the first session comprises: if the slice attribute comprises the security requirement of the slice type, determining, by the terminal based on the security requirement of the slice type, whether to provide an isolated resource for the first session.
 8. The method according to claim 1, wherein the performing resource configuration for the first session further comprises: if the slice attribute comprises the latency requirement of the slice type, determining, by the terminal based on the latency requirement of the slice type, whether to provide high-priority resource scheduling for the first session.
 9. A resource configuration apparatus, comprising: an interface; a processor; and a memory storing a program, the program including instructions that, when executed by the processor, control the processor to: obtain a slice attribute corresponding to a slice type of a first session, wherein the slice attribute corresponding to the slice type comprises at least one of a security requirement or a latency requirement of the slice type; and perform resource configuration for the first session based on the slice attribute.
 10. The apparatus according to claim 9, wherein to obtain the slice attribute corresponding to the slice type of the first session, the program includes instructions that, when executed by the processor, control the processor to: send a session establishment request message to a control plane network element, and receive a session establishment accept message from the control plane network element, wherein the session establishment accept message carries the slice type of the first session; and obtain, based on a mapping relationship that is between each slice type and each slice attribute and that is locally stored in the terminal, the slice attribute corresponding to the slice type of the first session.
 11. The apparatus according to claim 10, wherein the slice attribute comprises the security requirement and/or a latency requirement of the slice type.
 12. The apparatus according to claim 10, wherein the control plane network element comprises a session management function entity and an access and mobility management function entity.
 13. The apparatus according to claim 9, wherein to obtain the slice attribute corresponding to the slice type of the first session, the program includes instructions that, when executed by the processor, control the processor to: send a session establishment request message to a control plane network element, and receive a session establishment accept message from the control plane network element, wherein the session establishment accept message carries the slice attribute corresponding to the slice type of the first session.
 14. The apparatus according to claim 9, wherein the slice attribute comprises the security requirement of the slice type.
 15. The apparatus according to claim 9, wherein to perform resource configuration for the first session based on the slice attribute, the program includes instructions that, when executed by the processor, control the processor to: if the slice attribute comprises the security requirement of the slice type, determine, based on the security requirement of the slice type, whether to provide an isolated resource for the first session.
 16. The apparatus according to claim 9, wherein to perform resource configuration for the first session based on the slice attribute, the program includes instructions that, when executed by the processor, control the processor to: if the slice attribute comprises the latency requirement of the slice type, determine, based on the latency requirement of the slice type, whether to provide high-priority resource scheduling for the first session.
 17. A non-transitory computer readable storage medium storing instructions for use in a resource configuration apparatus, the instructions comprising: first instructions that, when executed by a processor of the resource configuration apparatus, control the processor to obtain a slice attribute corresponding to a slice type of a first session, wherein the slice attribute corresponding to the slice type comprises at least one of a security requirement or a latency requirement of the slice type; and second instructions that, when executed by the processor, control the processor to perform resource configuration for the first session based on the slice attribute.